10. Risk management and internal control

Kitron’s business model is to provide manufacturing and assembly of electronics and industrial
products containing electronics, including development, industrialisation, purchasing, logistics,
maintenance/ repair and redesign. The board sees no unusual risks beyond normal business risks that
any light industry operation is exposed to.

EMS is a highly competitive industry, presenting the company with an inherent business risk related
to Kitron’s ability, firstly, to attract and retain customers who are and who will be predictable
and successful in their respective markets and, secondly, to make a fair profit margin on its
business. The group’s customer portfolio consists of reputable companies operating in various
segments. Several of the group’s customers are world leaders in their respective fields. It is
Kitron’s perception that the customer portfolio is robust and well balanced. Kitron’s value
proposition to its customers includes flexibility, competence, quality, closeness and full value
chain capability. The board is confident that Kitron is able to maintain a viable, leading and
adaptive business. Kitron is organised in distinct manufacturing sites, each fully accountable for
its own revenues, profitability and level of capital employed. The structure facilitates closeness
between management and the operation, which in turn provides good oversight and adequate internal
business control.

The group has established a decentralised management model featuring delegated responsibility for
profits. As a result, the control function parallels the group’s management model, and it is the
individual unit’s responsibility to make sure that it has the capacity and expertise it requires to
carry out responsible internal control. Governing management documents have been adopted, describing
the group’s requirements for responsible internal control.

Management prepares monthly financial reports that are sent to the Board of directors.
When the
group’s quarterly financial reports are to be presented, the Audit
Committee reviews the reports
prior to the board meeting. The Auditor participates in the Audit Committee
meetings, and also meets
with the entire Board in connection with the presentation of the annual financial statements.

The Board annually reviews the strategic plan. In addition, as part of the preparation to the
strategic discussion, the Board also annually review the group risks. The group’s financial position
and risks are described in the Board of directors’ Report in the Annual Report.

The health, safety, and environmental risks are limited and well managed, and Kitron’s ISO quality
systems are certified by certification agencies and also inspected and approved by several of the
group’s customers.

Kitron’s customers are professional product-owning companies, which purchase the manufacturing and
related services from Kitron. Kitron is not the product owner and the group’s product liability risk
is thus negligible.

Kitron has established routines for notification and follow-up on any alleged misconduct.

The Group has an Ethical Advisory Board whose task it is, on behalf of the management, to review
Governance documents, decide and/or advise in Ethical dilemmas and conduct risk analysis and
implement relevant actions.